CI/CD

Definition

CI/CD coverage in this archive spans 6 posts from Jun 2016 to Jul 2022 and focuses on reliability, delivery speed, and cost discipline as one system, not three separate concerns. The strongest adjacent threads are devops, security, and devsecops. Recurring title motifs include without, security, production, and stop.

Key claims

• Most posts prioritize predictable operations over feature breadth or stack novelty.
• Early posts lean on stop and continuous, while newer posts lean on github and actions as constraints shifted.
• This topic repeatedly intersects with devops, security, and devsecops, so design choices here rarely stand alone.

Practical checklist

• Set SLOs first, then choose tooling that keeps deploy, observability, and rollback simple.
• Start with the newest post to calibrate current constraints, then backtrack to older entries for first principles.
• When boundary questions appear, cross-read devops and security before committing implementation details.

Failure modes

• Adding platform layers faster than the team can operate and debug them.
• Chasing throughput gains without proving they improve end-user reliability.
• Applying guidance from 2016 to 2022 without revisiting assumptions as context changed.

Suggested reading path

• Start here (current state): Container Scanning Without the Security Theater
• Then read (operating middle): GitOps: Stop SSHing Into Production
• Finish with (foundational context): Continuous Deployment Without the Chaos

Related posts

• Container Scanning Without the Security Theater
• DevSecOps in Practice: What I Actually Implement
• The GitHub Actions Patterns I Actually Use in Production
• GitOps: Stop SSHing Into Production
• Stop Doing Security Reviews by Hand
• Continuous Deployment Without the Chaos

References

• The Twelve-Factor App
• Google SRE Book
• RFC 9110: HTTP Semantics